← 返回 Skills 市场
Powershell Sandbox
作者
yuyonghao-123
· GitHub ↗
· v0.1.0
· MIT-0
110
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install powershell-sandbox
功能描述
在受限 PowerShell 环境中安全执行脚本,支持命令白名单、超时控制、输出限制、文件隔离和执行前安全检查。
安全使用建议
Do not install or run this skill as-is. Before trusting it: (1) ask the publisher/source for the actual sandbox implementation (src/sandbox.ps1) and confirm it is present; (2) review the sandbox.ps1 code to verify command/.NET-type filtering, file-path isolation, and job-based termination are implemented securely and cannot be trivially bypassed; (3) verify runtime requirements (PowerShell version, OS) and that your agent environment meets them; (4) test the implementation in an isolated VM with no network access and inspect audit logs for behavior; (5) avoid using the -AllowNetwork option unless you have audited the code; (6) be skeptical of the included TEST_RESULTS.md until you can reproduce those tests against the real code. These inconsistencies could be an oversight or a sign of incomplete/mispackaged skill — proceed only after obtaining and reviewing the actual implementation.
功能分析
Type: OpenClaw Skill
Name: powershell-sandbox
Version: 0.1.0
The skill bundle provides a PowerShell execution environment, which is an inherently high-risk capability. While the documentation in SKILL.md describes robust security features such as command whitelisting, .NET type restrictions, and timeout controls, the core implementation file (src/sandbox.ps1) is missing from the provided content, making these security claims unverifiable. The inclusion of a high-risk '-AllowNetwork' parameter and the inherent nature of shell access align with the criteria for a suspicious classification.
能力评估
Purpose & Capability
SKILL.md and package.json describe and document a runnable PowerShell sandbox (src/sandbox.ps1, tests, etc.) but the package contains no code files—only documentation. The skill also claims to target PowerShell 5.1+/7+ yet the metadata declares no required binaries or OS restriction. An agent would need PowerShell installed to fulfill the stated purpose; the absence of declared runtime requirements and the missing sandbox implementation are incoherent with the described capability.
Instruction Scope
The instructions describe scanning script contents, enforcing command and .NET-type whitelists, running scripts as PowerShell jobs, enforcing timeouts, truncating output, and writing audit logs to a local path. These runtime actions are broadly consistent with the stated goal. However, the doc-level instructions direct the agent to exec a local sandbox script (path shown) that does not exist in the package; the pre-execution scanning approach described could be bypassed by obfuscation or dynamic code constructs (IEX is explicitly forbidden, but other vectors exist). The doc also instructs writing audit logs to '.learnings/sandbox-log.md' (writing to disk) which is reasonable for auditing but should be validated.
Install Mechanism
There is no install spec (instruction-only), which minimizes install-time risk. However, package.json declares 'main': 'src/sandbox.ps1' and tests, yet those files are absent from the package. This discrepancy is suspicious: the package claims a runnable entrypoint and passing tests but provides only documentation.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a local sandbox. One caution: the skill exposes an '-AllowNetwork' option that, if used, permits network access; enabling it increases risk and should be avoided unless absolutely necessary and validated. The documentation's recommended behaviors (no external interfaces, use sandbox for untrusted code) align with the lack of credentials.
Persistence & Privilege
The skill does not request persistent or system-wide privileges; flags show always:false and normal model invocation behavior. It does recommend creating local audit logs but does not claim to modify other skills or system configs. No elevated privileges are requested in metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install powershell-sandbox - 安装完成后,直接呼叫该 Skill 的名称或使用
/powershell-sandbox触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
PowerShell 脚本安全沙箱初始发布:
- 支持命令白名单/黑名单和 .NET 类型限制
- 执行前自动进行危险命令与类型安全检查
- 超时保护(Job 机制),防止脚本长时间运行
- 输出行数与字符数限制,防止日志炸弹
- 文件操作严格限定于工作目录,防止越权访问
- 全流程审计日志与标准退出代码
元数据
常见问题
Powershell Sandbox 是什么?
在受限 PowerShell 环境中安全执行脚本,支持命令白名单、超时控制、输出限制、文件隔离和执行前安全检查。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 110 次。
如何安装 Powershell Sandbox?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install powershell-sandbox」即可一键安装,无需额外配置。
Powershell Sandbox 是免费的吗?
是的,Powershell Sandbox 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Powershell Sandbox 支持哪些平台?
Powershell Sandbox 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Powershell Sandbox?
由 yuyonghao-123(@yuyonghao-123)开发并维护,当前版本 v0.1.0。
推荐 Skills